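<?php
/**
 * Sets the status of a single project and prints "OK" on success.
 *
 * Inputs (query string):
 *   project_id  id of the project to update
 *   status      new value for projects.project_status
 *
 * Relies on $AppUI and $m being provided by the including script.
 *
 * The full `<?php` open tag is used on purpose: with short_open_tag disabled
 * a bare `<?` is not parsed and this file's source would be sent to the
 * client as plain text.
 *
 * NOTE(review): this script changes state on a GET request and no anti-CSRF
 * token is checked in this file. Confirm the including framework enforces
 * one, or switch the caller to POST with a token.
 */

// Guarded so that a definition made earlier in the request does not raise a notice.
if (!defined('SYSADMIN')) {
	define('SYSADMIN', 1);
}

// Coerced to int here, which is what makes the concatenation into the WHERE
// clause below safe.
$id = intval( dPgetParam( $_GET, 'project_id', 0 ) );

// check permissions for this record
$perms =& $AppUI->acl();
$canRead = $perms->checkModuleItem( $m, 'view', $id );

if (!$canRead) {
	$AppUI->showMsg('Access denied', UI_MSG_ERROR);
	exit();
}

$obj = new CProject();

// Per-user deny list is checked in addition to the module ACL.
// Loose comparison is kept: $id is an int, and the list may hold string ids
// (its element type is not visible in this file).
$denied = $obj->getDeniedRecords($AppUI->user_id);
if (in_array($id, $denied)) {
	$AppUI->showMsg('Access denied', UI_MSG_ERROR);
	exit();
}

$obj->load($id);
$isProjectManager = $AppUI->user_id == $obj->getManager();

// Editing needs the 'edit' ACL *and* either a sysadmin account or being the
// project's manager.
$canEdit = $perms->checkModuleItem( $m, 'edit', $id ) && ($AppUI->user_type == SYSADMIN || $isProjectManager);
if (!$canEdit) {
	$AppUI->showMsg('Access denied', UI_MSG_ERROR);
	exit();
}

// The status comes straight from the request, so validate it before it goes
// anywhere near the query: it must be present, scalar and all digits.
// Assumes project_status holds a non-negative integer status code -- confirm
// against the schema, and ideally check it against the list of allowed values.
$status = dPgetParam( $_GET, 'status', null );
if (!is_scalar($status) || !preg_match('/^\d+$/D', (string) $status)) {
	$AppUI->showMsg('Invalid project status', UI_MSG_ERROR);
	exit();
}
$status = intval($status);

$q = new DBQuery();
$q->addTable('projects');
$q->addUpdate('project_status', $status);
$q->addWhere('project_id = '.$id);
$q->exec();

echo 'OK';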
